Handle authorization bearer tokens

Add support for bearer tokens to auth module.
nicolaiarocci · May 24, 2016 · 9f6c2d2 · 9f6c2d2
1 parent b56189f
commit 9f6c2d2
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 2 deletions.
diff --git a/eve/auth.py b/eve/auth.py
@@ -268,11 +268,12 @@ def authorized(self, allowed_roles, resource, method):
 
         # Werkzeug parse_authorization does not handle
         # "Authorization: <token>" or
-        # "Authorization: Token <token>"
+        # "Authorization: Token <token>" or
+        # "Authorization: Bearer <token>"
         # headers, therefore they should be explicitly handled
         if not auth and request.headers.get('Authorization'):
             auth = request.headers.get('Authorization').strip()
-            if auth.lower().startswith('token'):
+            if auth.lower().startswith(('token', 'bearer')):
                 auth = auth.split(' ')[1]
 
         if auth:

diff --git a/eve/tests/auth.py b/eve/tests/auth.py
@@ -277,6 +277,20 @@ def test_custom_auth(self):
         self.assertTrue(isinstance(self.app.auth, ValidTokenAuth))
 
 
+class TestBearerTokenAuth(TestTokenAuth):
+    def setUp(self):
+        super(TestBearerTokenAuth, self).setUp()
+        self.valid_auth = [('Authorization', 'Token test_token'),
+                           self.content_type]
+
+    def test_bad_auth_class(self):
+        self.app = Eve(settings=self.settings_file, auth=BadTokenAuth)
+        self.test_client = self.app.test_client()
+        r = self.test_client.get('/', headers=self.valid_auth)
+        # will fail because check_auth() is not implemented in the custom class
+        self.assert500(r.status_code)
+
+
 class TestCustomTokenAuth(TestTokenAuth):
     def setUp(self):
         super(TestCustomTokenAuth, self).setUp()